The sub domains are handled differently depending on the browser. Firefox will interpret *.domain.com literally as anything.domain.com. So www.domain.com and www.blog.domain.com are both handled by the one entry. IE handles wildcards only for that portion of the FQDN. So you would have one for *.domain.com that would match www.domain.com or blog.domain.com and *.*.domain.com that would match www.blog.domain.com or www.somethingelse.domain.com.